Early Friday morning (21-10-2016), Dyn, a company that provides Domain Name Servers (DNS) for a lot of heavily trafficked websites and services, came under a massive Distributed Denial of Service (DDoS) attack. This disrupted access to many sites for people across the U.S, top sites disrupted includes;
- Spotify,Netflix,Twitter,Github,Amazon,Paypal,Heroku,Soundcloud,Netflix,Crunchbase,BBC,CNN,NYT,HBO, Yelp, Pinterest, BusinessInsider, Walgreens and so many others
The attackers overwhelmed Dyn by sending it overwhelming amounts of traffic, likely using hacked Internet of Things devices. Dyn seemed to have the attack under control late Friday morning, but then it resumed and spread.
This attack brings to limelight some salient questions about “internet of things” which needs to be taken seriously;
Cybersecurity experts have warned that IoT is an easily exploitable area in corporations and can be used effectively in mass cyberattacks.
Surveillance cameras are one example of this as the firmware tends to be similar across the board and contains a vulnerability that can easily be exploited, according to Tech Crunch.
The release of the source codes of botnets online has also made it easier for cyber attackers to launch a DDoS attack. IoT devices also have the disadvantage of not being able to run standard cyber security software.
Internet of Things is mooted to become the largest device market in the world, expected to reach double the size of the smartphone, PC, tablet, connected car and wearable market combined by 2019, according to a BI Intelligence report.
The Internet of Things is defined as the network of physical objects or “things” embedded with electronics, softwares, and sensors, and is seen to increase the value and service of connectivity via the automation of the exchange of data between the manufacturer, operator and other connected devices.
With more and more devices becoming interconnected with each other such as smartwatches, smartphones, baby monitors, and home security systems, coupled with the security, physical and software limitations inherent in these devices, it becomes all too easy to launch intrusion probes and outright attacks on these inter-linked devices. Once that happens, hackers can turn these compromised devices into infection platforms by simply injecting them with malware, which in turn can be easily spread onto the Internet network that these devices are connected to, and used to launch attacks against selected targets.
According to krebsonsecurity;
if you own a wired or wireless router, IP camera or other device that has a Web interface and you haven’t yet changed the factory default credentials, your system may already be part of an IoT botnet. Unfortunately, there is no simple way to tell one way or the other whether it has been compromised, only changing the default password protects them from rapidly being reinfected on reboot.